How to Password Protect a Web Page with Apache

Summarized from http://httpd.apache.org/docs-2.0/howto/auth.html

Let's say you want this situation:

~/public-web/Index.html My default page, world-readable
~/public-web/public/ World-readable subdirectory
~/public-web/private/ Password-protected subdirectory

You need a "password file" in a place where Apache can read it but will not serve it up to web clients. That means it must not be under ~/public-web. Your home directory should work.

Here I create a new password file as I add a user named fred. 

% htpasswd -c ~/.web-password fred
Adding password for fred.
New password: ******
Re-type new password: ******
% ls -l ~/.web-password
-rw-r--r--  1 cromwell cromwell 19 Jan 29 14:58 /home/cromwell/.web-password

Note that you do NOT see the literal "******" above. I added that to indicate where I typed the rather bad password fredpw.

Now, similar to /etc/shadow, the password file does NOT contain the password, but the hash of the password: 

% cat ~/.web-password
fred:ds8BPFUd2MZDw

To password-protect my directory ~/public-web/private/ I just do this: 

% cd ~/public-web/private
% cat > .htaccess
AuthType Basic
AuthName "Restricted Files"
AuthUserFile /home/rvl4/b/cromwell/.web-password
Require user fred
^D

That's it for the basic stuff! For far more, like adding more users, making groups of users, allowing or disallowing access from specific IP address blocks or domains, etc see the full Apache documentation:
http://httpd.apache.org/docs-2.0/howto/auth.html

Click here to inquire about advertising on this or any page on this site.
Home Unix/Linux Networking Infosec Travel Technical Radio Site Map Contact
Use /bin/vi! Manipulate images with ImageMagick! Hosted on OpenBSD
Hosted on Apache This site is viewable with any browser Valid XHTML 1.1! Valid CSS!
© Bob Cromwell Aug 2010. Created with /bin/vi and ImageMagick, hosted on OpenBSD with Apache.    Root password available here, privacy policy here.